Critical Vulnerabilities Completely Compromise ‘Symantec Endpoint Protection’

February 18, 2014

VIENNA, February 18, 2014 /PRNewswire/ –

‘Symantec Endpoint Protection’, the award-winning [1] product and longtime leader of
Gartner report league tables [2], developed by the US-based Symantec Corp. (Nasdaq: SYMC),
was shipped without removing several critical security vulnerabilities [3]. The
vulnerabilities were discovered in a routine ‘99er’ security crash test by experts of the
SEC Consult Vulnerability Lab (http://www.sec-consult.com). In a 99er security crash
test, SEC Consult white-hat experts evaluate the product security for a maximum of 99
working hours to determine if this specific release of a product can be compromised by

The unremoved vulnerabilities enable state-sponsored or criminal hackers to take full
control of the ‘Symantec Endpoint Protection Manager’ server. With full control of the
server, the attackers could obliterate the endpoint protection provided by the Symantec
solution, as they would have full access to the protection features of the endpoints. SEC
Consult experts recommend immediately installing the update released by the vendor to
counter these vulnerabilities [4].

Since mid-2012 SEC Consult has identified several critical vulnerabilities in other
Symantec products during routine security tests. A Support Backdoor was identified in
Symantec Messaging Gateway [5] and for the Symantec Web Gateway [6]. The vulnerabilities
found enabled attackers to run commands with the privileges of the ‘root’ operating system
user and to perform surveillance activities.

SEC Consult strongly advises customers of Symantec products to demand from the vendor
exhaustive security tests by (European) security experts before the implementation of
the respective software product.

SEC Consult generally recommends routine security crash tests for standard software
products to prevent the procurement of ‘toxic’ (i.e. heavily insecure) software. Toxic
software contains severe security vulnerabilities and poses a severe and highly probable
risk to the confidentiality, availability and integrity of its owner.

Further technical information can be found in the SEC Consult Security Advisory [3].

[1] http://www.scawardseurope.com/2013-winners



[3] https://www.sec-consult.com/de/Vulnerability-Lab/Advisories.htm


[5] https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm#a99

[6] https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm#a131

        For further information please contact:
        Johannes Greil
        Head of SEC Consult Vulnerability Lab
        Phone: +43189030430

SOURCE SEC Consult Security Advisory

Source: PR Newswire
